DETAILED ACTION

1. This action is in response to communication: amendment filed on 04/30/2010.

2. Claims 18, 19, 21, 22, 25-27, 29, 30, 34, 38-41, and 43-46 are currently pending
in this application. 

3. No new IDS has been received on this application. 



Response to Arguments 

4. Applicant's arguments with respect to the 103 art rejections have been fully 
considered but are not persuasive. 

5. The Applicants are arguing that Simon as modified by Maufer does not teach that
the sending of updated information is a response to when a sequence number reaches
a predefined value. However, as mentioned in the last Office Action, Simon as modified
does teach these limitations. The applicants are arguing that Maufer's negotiation is a new
security association, and is not used to update parameters of an existing security
association. This is not so. As seen in Maufer paragraph 90, SA renegotiation may be
predetermined, such as when a sequence number value gets within 33% or less, or
could be another negotiated time. As seen in paragraphs 83 and 84, during negotiation,
new values may be chosen (as seen in paragraphs 83 and 84, wherein security
parameters index values can be selected; also, as seen in paragraph 91). This is also
made clear in paragraph 7, which describes an SA/IKE negotiation as a negotiation in
which parameters such as a key are chosen. It is also important to note the language.



Application/Control Number: 10/619,352

Art Unit: 2434 

This is Renegotiation, which suggests it is an update (not a simple negotiation). 
Therefore, as seen in Maufer, after a sequence number reaches a predetermined value, 
SA parameters are renegotiated, resulting in a change of security parameters. 

Even further, the applicants are construing the term "updating" too narrowly. 
Even if some of the parameters are new, new values can still 'update' the previous 
values. For example, if some parameters need to be changed or updated, a system 
can generate new numbers to make such a change. Even if these are still new 
numbers, these new numbers are still used to update the old previous ones. Again, as 
mentioned above, Maufer teaches renegotiation, and not a first negotiation of 
parameters. If the applicants wish to overcome these rejections, it is suggested that the
applicants narrow the claim limitations by adding specific claim limitations excluding
the examples provided above. Further, applicants are advised to cancel the withdrawn 
claims. 

6. The applicants are arguing the dependent claims are allowable for the same 
reasons as discussed for the independent claim. The response above applies to the
dependent claims as well, and therefore the arguments are not persuasive.

Claim Objections 

7. The previous claim objections have been withdrawn in response to applicant's 
amendment. 

Claim Rejections - 35 USC §112 

8. The previous 112 rejections have been withdrawn in response to applicant's
amendments. 

Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

10. Claims 18, 19, 21, 25-27, 38, 39, and 45-46 are rejected under 35 U.S.C. 103(a) 
as being anticipated by Simon et al. US Patent Application Publication 2003/0093691 
(hereinafter Simon), in view of Maufer et al. US Patent Application Publication 
2003/0233576 (hereinafter Maufer).

As per claim 18, Simon teaches a method of providing redundancy in a security
processing system comprising: establishing a first secure packet flow through a first
(paragraphs 70 and 95) security processor (paragraphs 50, 51, 59); updating a
parameter in a set of parameters of security association associated with the first secure
packet flow (paragraphs 59, 79, 80; as seen in paragraphs 10 and 11, an SA may include
multiple parameters); establishing a second secure packet flow through a second
processor (paragraphs 70 and 95) security processor (paragraphs 50, 51, 59, Figure 1, as these
processes take place on multiple edge routers); updating a parameter in a set of
parameters of a security association associated with the second secure packet flow
(paragraphs 50, 51, 59, and Figure 1, as these processes take place on multiple edge
routers); sending the updated parameter information associated with the first secure
packet flow from the first security processor to the second security processor at a first
predefined interval (paragraphs 60, 64, 66, 70, 74, and 82, wherein paragraphs 70 and
82 teach that information may be distributed directly between edge routers, as it is
advantageous to combine the functions of a cryptographic node with an edge router;
also discussed in detail in paragraphs 72-73); sending the updated parameter
associated with the second secure packet flow for the second security processor to the
first security processor at a second predefined interval (paragraphs 60, 65, 66, 70, 74,
and 82, wherein paragraphs 70 and 82 teach that information may be distributed
directly between edge routers; also, Figure 1, wherein it shows multiple edge routers,
and wherein the paragraphs teach that the edge routers send each other the updated
SA information; also discussed in detail in paragraphs 72 and 73); storing the updated
parameter associated with the first secure packet flow and the updated parameter
associated with the second secure packet flow in the first security processor and in the
second security processor (paragraphs 64-66 and 70).

However, at the time of the invention, Simon does not explicitly teach that
updated parameters are sent when a sequence number in the security association
information associated with secure packet flows reaches a predefined value. However,
Maufer teaches this, such as in paragraphs 88 and 90 (wherein SA parameters are
renegotiated; also see paragraphs 83 and 84, and also 91, wherein these negotiations
result in updated parameters; also see paragraph 7, wherein SA/IKE negotiation is an
agreement on chosen session keys). Also see paragraphs 23 and 24, wherein there
exist parameters (plural, implying there are multiple parameters).

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the Simon and Maufer references to teach sending packets after a 
sequence number reaches a first predefined value. One of ordinary skill in the art would 
have been motivated to perform such an addition to increase security and provide 
integration so that systems are compatible with IPSec's security algorithms (paragraph
13 of Maufer).

The rejection for claim 18 above is herein incorporated with the rejection on its 
dependent claims. 

As per claim 19, Simon teaches wherein the rerouting step is in response to a 
failure of packet flow through the first security processor (abstract, paragraph 79, 
paragraph 95). 

As per claim 21, Maufer teaches wherein the sequence number in the set of
security association parameters associated with the first secure packet flow is 
incremented when a packet in the first secure packet flow is received from or 
transmitted to a network (paragraph 88). 

As per claim 25, Simon teaches generating at least one configuration
packet including the updated parameter associated with the first secure packet flow,
wherein sending the updated parameter from the first security processor to the second
security processor comprises sending the at least one configuration packet (paragraphs
54-55).

As per claim 26, Simon teaches sending, by a host processor, configuration 
information to the first security processor and the second security processor 
(paragraphs 32-37, 55, 56, 57). 

As per claim 27, Simon teaches sending, by a host processor, security 
association configuration information to the first security processor and the second 
security processor (paragraphs 32-35, 37, 55, 56, 57). 

Claim 38 is rejected using the same basis of arguments used to reject claim 18
above (the system as taught throughout Simon and Maufer).

As per claim 39, Simon teaches at least one host processor connected to the at 
least one switch for terminating or initiating the first packet flow and the second packet 
flow (paragraph 43, Figure 3). 

As per claim 45, Simon teaches rerouting the secure packet flow to flow through
the second security processor instead of the first (paragraph 70, abstract, and
paragraph 95).

As per claim 46, Simon teaches at least one host processor for establishing a 
first packet flow to a first security processor and a second packet flow to a second 
security processor (throughout the reference, and for example, paragraphs 70-73).

11. Claims 22, 29, 30, and 34 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Simon and Maufer as applied above, and in view of Xiong et al. US 
Patent Application Publication 2003/0061507 (hereinafter Xiong). 

As per claim 22, Simon in view of Maufer does not explicitly teach wherein the 
updated parameter associated with the first secure packet flow comprises at least one 
byte count. However, Xiong teaches this in paragraph 23.

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to include a sequence number with a security association. One of ordinary skill 
in the art would have been motivated to perform such an addition, as sequence 
numbers are commonly associated with security associations. This is taught in 
paragraph 23 of Xiong. Also, by incorporating sequence numbers, the transmissions
are more secure, as they prevent replay attacks (also found in paragraph 23). 

As per claim 29, Simon teaches defining an interval to adjust the sequence
number in the set of parameters of the security association associated with the first
secure packet flow in paragraphs 79-80. Although Simon does not teach defining the
quantity, this is taught by Xiong; Xiong teaches defining a quantity to adjust a sequence
number in the set of parameters of the security association associated with a secure
packet flow in paragraph 23 (this is also taught by Maufer in paragraph 88). Xiong
also teaches determining whether to send the security association information
according to a comparison of a sequence number with the interval in paragraph 23.
Although it does not teach a second processor, Simon teaches incorporating sending
security associations to second security processors. Further, as taught by both Xiong
and Maufer, the security association information is associated with secure packet flows.

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to modify Simon as modified with Xiong to teach defining intervals to update 
parameters associated with security associations. One of ordinary skill in the art would 
have been motivated to perform such an addition to create more security, as security 
association information is important, and utilizing sequence numbers in regards to SA 
information helps create more security. By incorporating sequence numbers, the 
transmissions are more secure, as they prevent replay attacks (also found in paragraph 
23). 

As per claim 30, Maufer teaches further comprising adding the quantity to the 
sequence number before sending the updated parameter associated with the first 
secure packet flow to the second security processor (paragraphs 88-90, wherein 
sequence numbers are incremented before they are sent out).

As per claim 34, Xiong teaches sending replay window information to the second 
security processor (paragraph 23, in combination with the Simon reference 
incorporating the second security processor). 

12. Claims 40, 41, 43, and 44 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Simon and Maufer as applied above, and in view of Rosenow et al. 
US Patent No. 5,022,076 (hereinafter Rosenow). 

As per claim 40, Simon teaches changing the routing of packet flow by either
routing the first packet flow to the second security processor instead of the first security 
processor or routing the second packet flow to the first security processor instead of the 
second security processor (paragraphs 72, 73, 75, 76, and 77). However, Simon as 
modified by Maufer does not explicitly teach wherein the one host processor changes 
the routing of the packet flow. However, routing processes from one processor to 
another processor is well known in the art, as taught by Rosenow. Rosenow teaches 
throughout the reference the routing of processes from one processor to another 
processor, such as in the abstract and in col. 23 line 59 to col. 24 line 11.

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the Rosenow reference with the Simon and Maufer combination. 
One of ordinary skill in the art would have been motivated to perform such an addition to 
provide more reliability by creating a fault tolerant system. This is taught throughout 
Rosenow, such as in the abstract and col. 4 lines 15-61.

As per claim 41, Rosenow teaches wherein the change in the routing is in
response to a failure of the first packet flow through the first security processor or the 
second flow through the second security processor (abstract; col. 23 line 59 to col. 24 
line 11). Also, this is taught in Simon's abstract, paragraph 79, and paragraph 95. 

Claim 43 is rejected using the same basis of arguments used to reject claim 40
above.

Claim 44 is rejected using the same basis of arguments used to reject claim 40 
above (it routes to whatever processor is working).

Conclusion

13. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JASON K. GEE whose telephone number is (571) 272-6431.
The examiner can normally be reached on M-F, 7:00 am to 4:30 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone
number for the organization where this application or proceeding is assigned is
571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

/Jason Gee/ 
Patent Examiner 
Technology Center 2400 
05/18/2010 



/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2434 



